| author | Paul Eggert <eggert@cs.ucla.edu> | 2017-07-16 16:22:33 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2017-07-16 16:29:12 -0700 |
| commit | 59f6972134f312863dc761bf66a954a8036d0d86 (patch) | |
| tree | cd479a7fe59b72985f98e57c4b4d861c01cf5bc8 /lib/explicit_bzero.c | |
| parent | 252444aaa3a7cb9fc70289a5a3920f8a9d848109 (diff) | |
Use explicit_bzero to clear GnuTLS keys
* admin/merge-gnulib (GNULIB_MODULES): Add explicit_bzero.
* lib/explicit_bzero.c, m4/explicit_bzero.m4: New files.
* lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate.
* src/gnutls.c (clear_storage): New function.
(gnutls_symmetric_aead): Use it instead of memset.
Diffstat (limited to 'lib/explicit_bzero.c')
| -rw-r--r-- | lib/explicit_bzero.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c
new file mode 100644
index 00000000000..262c68f9cd6
--- /dev/null
+++ b/lib/explicit_bzero.c
@@ -0,0 +1,48 @@
+/* Erasure of sensitive data, generic implementation.
+ Copyright (C) 2016-2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+/* An assembler implementation of explicit_bzero can be created as an
+ assembler alias of an optimized bzero implementation.
+ Architecture-specific implementations also need to define
+ __explicit_bzero_chk. */
+
+#if !_LIBC
+# include <config.h>
+#endif
+
+#include <string.h>
+
+/* glibc-internal users use __explicit_bzero_chk, and explicit_bzero
+ redirects to that. */
+#undef explicit_bzero
+
+/* Set LEN bytes of S to 0. The compiler will not delete a call to
+ this function, even if S is dead after the call. */
+void
+explicit_bzero (void *s, size_t len)
+{
+#ifdef HAVE_EXPLICIT_MEMSET
+ explicit_memset (s, 0, len);
+#else
+ memset (s, '\0', len);
+# ifdef __GNUC__
+ /* Compiler barrier. */
+ asm volatile ("" ::: "memory");
+# endif
+#endif
+}
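Review bot: The `#else` branch of `explicit_bzero` has no barrier when `__GNUC__` is undefined, so on those compilers the function is a plain `memset`, and the comment's promise that "the compiler will not delete a call" rests only on the call crossing a translation unit. With link-time or whole-program optimization the store to a dead buffer could presumably be removed, leaving the GnuTLS key bytes this commit is meant to clear in memory. A portable fallback would be a `# else` arm beside the asm barrier that calls through a volatile function pointer: `void *(*const volatile zero) (void *, int, size_t) = memset;` then `zero (s, '\0', len);`. The file header says it comes from the GNU C Library and the commit log adds it via `admin/merge-gnulib`, so the change would belong upstream, not in this tree. Until then, the comment above the function should say which configurations actually provide the guarantee.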
